Feature request ?

Francis Daly francis at daoine.org
Mon Nov 21 14:44:18 UTC 2016

On Mon, Nov 21, 2016 at 09:28:06AM +1100, Alex Samad wrote:

Hi there,

> But I find that the amount of information about the client cert is very
> limited. compared to say squid / apache.
> For example I looking for end date for the client cert.  It would be nice
> if this sort of information could be provided by env variables .. instead
> of me having to process the raw pem format on every request.

Either nginx has to do the work to present the information for all
requests for all users; or you have to do it for your use case.

I suspect that what nginx currently does is mostly "what seemed useful
to many people", with a bit of "someone wrote the code".

For example: why do you care about the certificate end date?

You should (in general) care what the result of client certificate
verification is, which (I hope) includes a date check. If you have a
special use case that wants the end-date for some other reason, then
you get to write the code for your special case.

I guess that it is possible that, if it is believed that information is
generally useful, it could be auto-exposed by nginx. Possibly the reason
it is not, is that no-one has asked for it.


Francis Daly        francis at daoine.org

More information about the nginx mailing list